librpc/ndr/ndr_dns.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    manipulate dns name structures
   5
   6    Copyright (C) 2010 Kai Blin  <kai@samba.org>
   7
   8    Heavily based on nbtname.c which is:
   9
  10    Copyright (C) Andrew Tridgell 2005
  11
  12    This program is free software; you can redistribute it and/or modify
  13    it under the terms of the GNU General Public License as published by
  14    the Free Software Foundation; either version 3 of the License, or
  15    (at your option) any later version.
  16
  17    This program is distributed in the hope that it will be useful,
  18    but WITHOUT ANY WARRANTY; without even the implied warranty of
  19    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20    GNU General Public License for more details.
  21
  22    You should have received a copy of the GNU General Public License
  23    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  24 */
  25
  26 /*
  27   see rfc1002 for the detailed format of compressed names
  28 */
  29
  30 #include "includes.h"
  31 #include "librpc/gen_ndr/ndr_dns.h"
  32 #include "librpc/gen_ndr/ndr_misc.h"
  33 #include "system/locale.h"
  34 #include "lib/util/util_net.h"
  35
  36 /* don't allow an unlimited number of name components */
  37 #define MAX_COMPONENTS 128
  38
  39 /**
  40   print a dns string
  41 */
  42 _PUBLIC_ void ndr_print_dns_string(struct ndr_print *ndr, const char *name, const char *s)
  43 {
  44         ndr_print_string(ndr, name, s);
  45 }
  46
  47 /*
  48   pull one component of a dns_string
  49 */
  50 static enum ndr_err_code ndr_pull_component(struct ndr_pull *ndr,
  51                                             uint8_t **component,
  52                                             uint32_t *offset,
  53                                             uint32_t *max_offset)
  54 {
  55         uint8_t len;
  56         unsigned int loops = 0;
  57         while (loops < 5) {
  58                 if (*offset >= ndr->data_size) {
  59                         return ndr_pull_error(ndr, NDR_ERR_STRING,
  60                                               "BAD DNS NAME component, bad offset");
  61                 }
  62                 len = ndr->data[*offset];
  63                 if (len == 0) {
  64                         *offset += 1;
  65                         *max_offset = MAX(*max_offset, *offset);
  66                         *component = NULL;
  67                         return NDR_ERR_SUCCESS;
  68                 }
  69                 if ((len & 0xC0) == 0xC0) {
  70                         /* its a label pointer */
  71                         if (1 + *offset >= ndr->data_size) {
  72                                 return ndr_pull_error(ndr, NDR_ERR_STRING,
  73                                                       "BAD DNS NAME component, bad label offset");
  74                         }
  75                         *max_offset = MAX(*max_offset, *offset + 2);
  76                         *offset = ((len&0x3F)<<8) | ndr->data[1 + *offset];
  77                         *max_offset = MAX(*max_offset, *offset);
  78                         loops++;
  79                         continue;
  80                 }
  81                 if ((len & 0xC0) != 0) {
  82                         /* its a reserved length field */
  83                         return ndr_pull_error(ndr, NDR_ERR_STRING,
  84                                               "BAD DNS NAME component, reserved lenght field: 0x%02x", (len &0xC));
  85                 }
  86                 if (*offset + len + 2 > ndr->data_size) {
  87                         return ndr_pull_error(ndr, NDR_ERR_STRING,
  88                                               "BAD DNS NAME component, length too long");
  89                 }
  90                 *component = (uint8_t*)talloc_strndup(ndr, (const char *)&ndr->data[1 + *offset], len);
  91                 NDR_ERR_HAVE_NO_MEMORY(*component);
  92                 *offset += len + 1;
  93                 *max_offset = MAX(*max_offset, *offset);
  94                 return NDR_ERR_SUCCESS;
  95         }
  96
  97         /* too many pointers */
  98         return ndr_pull_error(ndr, NDR_ERR_STRING, "BAD DNS NAME component, too many pointers");
  99 }
 100
 101 /**
 102   pull a dns_string from the wire
 103 */
 104 _PUBLIC_ enum ndr_err_code ndr_pull_dns_string(struct ndr_pull *ndr, int ndr_flags, const char **s)
 105 {
 106         uint32_t offset = ndr->offset;
 107         uint32_t max_offset = offset;
 108         unsigned num_components;
 109         char *name;
 110
 111         if (!(ndr_flags & NDR_SCALARS)) {
 112                 return NDR_ERR_SUCCESS;
 113         }
 114
 115         name = talloc_strdup(ndr->current_mem_ctx, "");
 116
 117         /* break up name into a list of components */
 118         for (num_components=0;num_components<MAX_COMPONENTS;num_components++) {
 119                 uint8_t *component = NULL;
 120                 NDR_CHECK(ndr_pull_component(ndr, &component, &offset, &max_offset));
 121                 if (component == NULL) break;
 122                 if (num_components > 0) {
 123                         name = talloc_asprintf_append_buffer(name, ".%s", component);
 124                 } else {
 125                         name = talloc_asprintf_append_buffer(name, "%s", component);
 126                 }
 127                 NDR_ERR_HAVE_NO_MEMORY(name);
 128         }
 129         if (num_components == MAX_COMPONENTS) {
 130                 return ndr_pull_error(ndr, NDR_ERR_STRING,
 131                                       "BAD DNS NAME too many components");
 132         }
 133
 134         (*s) = name;
 135         ndr->offset = max_offset;
 136
 137         return NDR_ERR_SUCCESS;
 138 }
 139
 140 /**
 141   push a dns string to the wire
 142 */
 143 _PUBLIC_ enum ndr_err_code ndr_push_dns_string(struct ndr_push *ndr, int ndr_flags, const char *s)
 144 {
 145         if (!(ndr_flags & NDR_SCALARS)) {
 146                 return NDR_ERR_SUCCESS;
 147         }
 148
 149         while (s && *s) {
 150                 enum ndr_err_code ndr_err;
 151                 char *compname;
 152                 size_t complen;
 153                 uint32_t offset;
 154
 155                 /* see if we have pushed the remaing string allready,
 156                  * if so we use a label pointer to this string
 157                  */
 158                 ndr_err = ndr_token_retrieve_cmp_fn(&ndr->dns_string_list, s, &offset, (comparison_fn_t)strcmp, false);
 159                 if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 160                         uint8_t b[2];
 161
 162                         if (offset > 0x3FFF) {
 163                                 return ndr_push_error(ndr, NDR_ERR_STRING,
 164                                                       "offset for dns string label pointer %u[%08X] > 0x00003FFF",
 165                                                       offset, offset);
 166                         }
 167
 168                         b[0] = 0xC0 | (offset>>8);
 169                         b[1] = (offset & 0xFF);
 170
 171                         return ndr_push_bytes(ndr, b, 2);
 172                 }
 173
 174                 complen = strcspn(s, ".");
 175
 176                 /* we need to make sure the length fits into 6 bytes */
 177                 if (complen > 0x3F) {
 178                         return ndr_push_error(ndr, NDR_ERR_STRING,
 179                                               "component length %u[%08X] > 0x0000003F",
 180                                               (unsigned)complen, (unsigned)complen);
 181                 }
 182
 183                 compname = talloc_asprintf(ndr, "%c%*.*s",
 184                                                 (unsigned char)complen,
 185                                                 (unsigned char)complen,
 186                                                 (unsigned char)complen, s);
 187                 NDR_ERR_HAVE_NO_MEMORY(compname);
 188
 189                 /* remember the current componemt + the rest of the string
 190                  * so it can be reused later
 191                  */
 192                 NDR_CHECK(ndr_token_store(ndr, &ndr->dns_string_list, s, ndr->offset));
 193
 194                 /* push just this component into the blob */
 195                 NDR_CHECK(ndr_push_bytes(ndr, (const uint8_t *)compname, complen+1));
 196                 talloc_free(compname);
 197
 198                 s += complen;
 199                 if (*s == '.') s++;
 200         }
 201
 202         /* if we reach the end of the string and have pushed the last component
 203          * without using a label pointer, we need to terminate the string
 204          */
 205         return ndr_push_bytes(ndr, (const uint8_t *)"", 1);
 206 }
 207
 208 _PUBLIC_ enum ndr_err_code ndr_push_dns_res_rec(struct ndr_push *ndr, int ndr_flags, const struct dns_res_rec *r)
 209 {
 210         {
 211                 uint32_t _flags_save_STRUCT = ndr->flags;
 212                 uint32_t _saved_offset1, _saved_offset2;
 213                 uint16_t length;
 214                 ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX|LIBNDR_FLAG_NOALIGN);
 215                 if (ndr_flags & NDR_SCALARS) {
 216                         NDR_CHECK(ndr_push_align(ndr, 4));
 217                         NDR_CHECK(ndr_push_dns_string(ndr, NDR_SCALARS, r->name));
 218                         NDR_CHECK(ndr_push_dns_qtype(ndr, NDR_SCALARS, r->rr_type));
 219                         NDR_CHECK(ndr_push_dns_qclass(ndr, NDR_SCALARS, r->rr_class));
 220                         NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->ttl));
 221                         _saved_offset1 = ndr->offset;
 222                         NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, 0));
 223                         NDR_CHECK(ndr_push_set_switch_value(ndr, &r->rdata, r->rr_type));
 224                         NDR_CHECK(ndr_push_dns_rdata(ndr, NDR_SCALARS, &r->rdata));
 225
 226                         if (r->unexpected.length > UINT16_MAX) {
 227                                 return ndr_push_error(ndr, NDR_ERR_LENGTH,
 228                                                       "Unexpected blob lenght is too large");
 229                         }
 230
 231                         NDR_CHECK(ndr_push_bytes(ndr, r->unexpected.data, r->unexpected.length));
 232                         NDR_CHECK(ndr_push_trailer_align(ndr, 4));
 233                         length = ndr->offset - (_saved_offset1 + 2);
 234                         _saved_offset2 = ndr->offset;
 235                         ndr->offset = _saved_offset1;
 236                         NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, length));
 237                         ndr->offset = _saved_offset2;
 238                 }
 239                 if (ndr_flags & NDR_BUFFERS) {
 240                         NDR_CHECK(ndr_push_dns_rdata(ndr, NDR_BUFFERS, &r->rdata));
 241                 }
 242                 ndr->flags = _flags_save_STRUCT;
 243         }
 244         return NDR_ERR_SUCCESS;
 245 }
 246
 247 _PUBLIC_ enum ndr_err_code ndr_pull_dns_res_rec(struct ndr_pull *ndr, int ndr_flags, struct dns_res_rec *r)
 248 {
 249         {
 250                 uint32_t _flags_save_STRUCT = ndr->flags;
 251                 uint32_t _saved_offset1;
 252                 uint32_t pad, length;
 253
 254                 ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX|LIBNDR_FLAG_NOALIGN);
 255                 if (ndr_flags & NDR_SCALARS) {
 256                         NDR_CHECK(ndr_pull_align(ndr, 4));
 257                         NDR_CHECK(ndr_pull_dns_string(ndr, NDR_SCALARS, &r->name));
 258                         NDR_CHECK(ndr_pull_dns_qtype(ndr, NDR_SCALARS, &r->rr_type));
 259                         NDR_CHECK(ndr_pull_dns_qclass(ndr, NDR_SCALARS, &r->rr_class));
 260                         NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->ttl));
 261                         NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length));
 262                         _saved_offset1 = ndr->offset;
 263                         NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->rdata, r->rr_type));
 264                         NDR_CHECK(ndr_pull_dns_rdata(ndr, NDR_SCALARS, &r->rdata));
 265                         length = ndr->offset - _saved_offset1;
 266                         if (length > r->length) {
 267                                 return ndr_pull_error(ndr, NDR_ERR_LENGTH,
 268                                                       "TODO");
 269                         }
 270
 271                         r->unexpected = data_blob_null;
 272                         pad = r->length - length;
 273                         if (pad > 0) {
 274                                 NDR_PULL_NEED_BYTES(ndr, pad);
 275                                 r->unexpected = data_blob_talloc(ndr->current_mem_ctx,
 276                                                                  ndr->data + ndr->offset,
 277                                                                  pad);
 278                                 if (r->unexpected.data == NULL) {
 279                                         return ndr_pull_error(ndr, NDR_ERR_ALLOC,
 280                                                               "Failed to allocate a data blob");
 281                                 }
 282                                 ndr->offset += pad;
 283                         }
 284
 285
 286                         NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
 287                 }
 288                 if (ndr_flags & NDR_BUFFERS) {
 289                         NDR_CHECK(ndr_pull_dns_rdata(ndr, NDR_BUFFERS, &r->rdata));
 290                 }
 291                 ndr->flags = _flags_save_STRUCT;
 292         }
 293         return NDR_ERR_SUCCESS;
 294 }